Overview

overview

7

Static

static

7

3d8b001a1d...5d.exe

windows7-x64

7

3d8b001a1d...5d.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    118s
  • max time network
    129s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    01/01/2024, 18:19

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3d8b001a1ddbe60f402d1a439832275d.exe

  • Size

    16KB

  • MD5

    3d8b001a1ddbe60f402d1a439832275d

  • SHA1

    1cfa2bc0377c7bf314f326bc933901bf41a91112

  • SHA256

    c62ecf891a19a07280c5d1df489af92382a920773beb7e5b9373e2d1aca4a631

  • SHA512

    c6c4db6596d2cc551f2a6f219434219d1b5c77445e62586ab2e78bd441b44d645a4d32e8add5feadbc25d403b950864ba65e5dbe0229a1c00b690bf387decb3c

  • SSDEEP

    384:lQb3v9KGj8qSA7ETxg6M/xoUXKSrPxcR0T:gEDA7YxNM/xoUXK+c

Score
7/10
upx

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Windows directory 2 IoCs
  • Modifies Internet Explorer settings 1 TTPs 25 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3d8b001a1ddbe60f402d1a439832275d.exe
    "C:\Users\Admin\AppData\Local\Temp\3d8b001a1ddbe60f402d1a439832275d.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:2396
    • \??\c:\windows\fbtre6.exe
      c:\windows\fbtre6.exe
      2⤵
      • Executes dropped EXE
      • Drops file in Windows directory
      • Suspicious use of WriteProcessMemory
      PID:1980
      • C:\Windows\SysWOW64\cmd.exe
        cmd /c c:\5465465465463.bat
        3⤵
          PID:2796
      • C:\Windows\SysWOW64\cmd.exe
        cmd /c c:\5465465465463.bat
        2⤵
        • Deletes itself
        PID:2856
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2676
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2676 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2640

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\5465465465463.bat
      Filesize

      111B

      MD5

      c4d633ae442767f9c8f5a6668054587c

      SHA1

      0db84468d067409e2496d1c51577d91a63900da0

      SHA256

      612b21979c958e557d17fb6851291ee040b13da63dabf2fbf95b2c9e4af55cd0

      SHA512

      58555cffa50ae87bf1db48236eb929518f170ecaa94b8297f75d92fc5526f0f2622a3f4925b37bdcab681d23b192b187d3af8e7c0fc962aadb660093577d4088

      Download Submit

    • C:\5465465465463.bat
      Filesize

      209B

      MD5

      e57bfa1ecb6bff66988a982f36dde446

      SHA1

      5e9ec6f6e34b0e2b96bb4182cfd641ac1ddb25fe

      SHA256

      68d31351cc8bb5648809521cf8e8c37ee0b04779f6aa5ef2131f803a027d0bcb

      SHA512

      efbf2f4bd0d6e984531c1d40d4588c1c9425f76ab3e645e25eed693b9f3a0d17d60561355a7845ac5c0cdac1ff166bc485d35cabc453e1b56b35898ded7850b7

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      6bed52568bc9b674a6e38d9d656acbf4

      SHA1

      1d3c5302b1ff261acf25cb817d06766b36bb0595

      SHA256

      161bdc68be9be4342f278470fa5479b56c15b741670e1a7c0105e7a8d78391b0

      SHA512

      3a3556e77d51bc2d96d07f1780dff115e45cc710acb12f479940c956bcaae02aa4efb6079a091da30e327fda761cb907f44df6c91269312fdcc6bc8c6be37deb

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\CabCB2C.tmp
      Filesize

      65KB

      MD5

      ac05d27423a85adc1622c714f2cb6184

      SHA1

      b0fe2b1abddb97837ea0195be70ab2ff14d43198

      SHA256

      c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

      SHA512

      6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\TarCC0B.tmp
      Filesize

      171KB

      MD5

      9c0c641c06238516f27941aa1166d427

      SHA1

      64cd549fb8cf014fcd9312aa7a5b023847b6c977

      SHA256

      4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

      SHA512

      936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

      Download Submit

    • C:\Windows\fbtre6.exe
      Filesize

      16KB

      MD5

      3d8b001a1ddbe60f402d1a439832275d

      SHA1

      1cfa2bc0377c7bf314f326bc933901bf41a91112

      SHA256

      c62ecf891a19a07280c5d1df489af92382a920773beb7e5b9373e2d1aca4a631

      SHA512

      c6c4db6596d2cc551f2a6f219434219d1b5c77445e62586ab2e78bd441b44d645a4d32e8add5feadbc25d403b950864ba65e5dbe0229a1c00b690bf387decb3c

      Download Submit

    • memory/1980-15-0x0000000000400000-0x000000000040D000-memory.dmp

      Filesize

      52KB

      Download

    • memory/1980-20-0x0000000000300000-0x0000000000302000-memory.dmp

      Filesize

      8KB

      Download

    • memory/2396-0-0x0000000000400000-0x000000000040D000-memory.dmp

      Filesize

      52KB

      Download

    • memory/2396-3-0x00000000003B0000-0x00000000003BD000-memory.dmp

      Filesize

      52KB

      Download